CVE-2025-40351

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()<br /> <br /> The syzbot reported issue in hfsplus_delete_cat():<br /> <br /> [ 70.682285][ T9333] =====================================================<br /> [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220<br /> [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220<br /> [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0<br /> [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310<br /> [ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810<br /> [ 70.685447][ T9333] do_rmdir+0x964/0xea0<br /> [ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0<br /> [ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0<br /> [ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.687646][ T9333]<br /> [ 70.687856][ T9333] Uninit was stored to memory at:<br /> [ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0<br /> [ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800<br /> [ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600<br /> [ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70<br /> [ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0<br /> [ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30<br /> [ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0<br /> [ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0<br /> [ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.692773][ T9333]<br /> [ 70.692990][ T9333] Uninit was stored to memory at:<br /> [ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0<br /> [ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800<br /> [ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700<br /> [ 70.694911][ T9333] mount_bdev+0x37b/0x530<br /> [ 70.695320][ T9333] hfsplus_mount+0x4d/0x60<br /> [ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0<br /> [ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0<br /> [ 70.696588][ T9333] do_new_mount+0x73e/0x1630<br /> [ 70.697013][ T9333] path_mount+0x6e3/0x1eb0<br /> [ 70.697425][ T9333] __se_sys_mount+0x733/0x830<br /> [ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150<br /> [ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0<br /> [ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.699730][ T9333]<br /> [ 70.699946][ T9333] Uninit was created at:<br /> [ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60<br /> [ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0<br /> [ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0<br /> [ 70.701774][ T9333] allocate_slab+0x30e/0x1390<br /> [ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0<br /> [ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20<br /> [ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0<br /> [ 70.703598][ T9333] alloc_inode+0x82/0x490<br /> [ 70.703984][ T9333] iget_locked+0x22e/0x1320<br /> [ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0<br /> [ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0<br /> [ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700<br /> [ 70.705776][ T9333] mount_bdev+0x37b/0x530<br /> [ 70.706171][ T9333] hfsplus_mount+0x4d/0x60<br /> [ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0<br /> [ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0<br /> [ 70.707444][ T9333] do_new_mount+0x73e/0x1630<br /> [ 70.707865][ T9333] path_mount+0x6e3/0x1eb0<br /> [ 70.708270][ T9333] __se_sys_mount+0x733/0x830<br /> [ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150<br /> [ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0<br /> [ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.710611][ T9333]<br /> [ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17<br /> [ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 70.712490][ T9333] =====================================================<br /> [ 70.713085][ T9333] Disabling lock debugging due to kernel taint<br /> [ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...<br /> [ 70.714159][ T9333] <br /> ---truncated---